PT-2025-27421 · D Link · D-Link Di-7300G+
Shiny
·
Published
2025-06-30
·
Updated
2025-07-02
·
CVE-2025-6897
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
D-Link DI-7300G+ version 19.12.25A1
Description:
A critical issue was found in the httpd debug.asp file, where the manipulation of the
Time argument leads to os command injection. The exploit has been disclosed to the public and may be used.Recommendations:
For D-Link DI-7300G+ version 19.12.25A1, consider restricting access to the httpd debug.asp file until a patch is available. As a temporary workaround, avoid using the
Time argument in the affected file to minimize the risk of exploitation.Exploit
Fix
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Di-7300G+